tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 57736] New: changes from Tomcat 7 to Tomcat 8 causing problems
Date Sun, 22 Mar 2015 17:35:34 GMT

            Bug ID: 57736
           Summary: changes from Tomcat 7 to Tomcat 8 causing problems
           Product: Tomcat 8
           Version: 8.0.20
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina

Our webapp is using bouncycastle security provider, which was packed within the
WEB-INF/lib folder.
Furthermore our webapp run within a tomcat environment, which uses

This woked fine with Tomcat6 and Tomcat7. After switching to Tomcat8 we got an
Caused by: java.lang.SecurityException: JCE cannot authenticate the provider BC
    at javax.crypto.Cipher.getInstance(
    at javax.crypto.Cipher.getInstance(
    ... 96 more
Caused by: java.util.jar.JarException:
has unsigned entries - WEB-INF/css/bootstrap-responsive.min.css
    at javax.crypto.JarVerifier.verifySingleJar(
    at javax.crypto.JarVerifier.verifyJars(
    at javax.crypto.JarVerifier.verify(
    at javax.crypto.JceSecurity.verifyProviderJar(
    at javax.crypto.JceSecurity.getVerificationResult(
    at javax.crypto.Cipher.getInstance(
    at javax.crypto.Cipher.getInstance(

The exception "java.util.jar.JarException:
has unsigned entries - WEB-INF/css/bootstrap-responsive.min.css"
states to an entry of the WAR itself instead of an entry of the

Extract from
states to

       private Cipher createCipher(int encryptMode) throws
NoSuchAlgorithmException, NoSuchProviderException,
                NoSuchPaddingException, InvalidKeyException,
InvalidAlgorithmParameterException {
            // Register BouncyCastleProvider
            Security.addProvider(new BouncyCastleProvider());
            // Create the IV Key
            AlgorithmParameterSpec IVspec = new IvParameterSpec(getIV128Key());

            // Create the Cipher für Decrypting
            Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding",
"BC");  // <== line 200
            SecretKey keyValue = new SecretKeySpec(getAES128Key(), "AES");
            encryptCipher.init(encryptMode, keyValue, IVspec);

            return encryptCipher;

As workaround, i removed the bouncycastle provider from the WEB-INF/lib and put
it to CATALINA_BASE/lib.

A second problem occured, when a uri resource is loaded from a jar inside a
unpacked war:
com.mycila.xmltool.XMLDocumentException: Validation failed: Illegal character
in opaque part at index 55:

The RFC 2396 "URI Generic Syntax" says, the char ^ is an "unwise" uri char,
which causes a in our environment.

As workaround, we changed the resource loader to return a Stream instead of the
uri string. 

Both problems are reproducable with any java platform. (Tried Java 7/8 on
Windows X86_64, Linux X86_64) with Tomcat 8. Tomcat 7 has no problem.

Please check the changes form 7 to 8.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message